Subject: Re: Requests to lpd from non-reserved ports rejected (& other q's)
To: Rafal Boni <email@example.com>
From: Brett Lymn <firstname.lastname@example.org>
Date: 05/17/2001 22:58:24
According to Rafal Boni:
>My chief complaint so far is that `lpd' categorically rejects requests
>originating from non-reserved ports as "Malformed". Other than the
>dubious amount of security this gives you, is there some other reason
>for rejecting these requests?
Not that I know of apart from tradition - the lpd in SunOS 4.1.3 does
the same thing so it was probably a Berkley thing. In this day of
easily having your own unix like machine and/or a wintel box which
does not enforce the "reserved port" paradigm make the security aspect
I know for a fact that Solaris' lpd emulation does not enforce this
because I made a web based print queue manager that exploited this
very characteristic, the real beauty of it is that I don't need all
the printers defined on the web server to make it work - the cgi
(well, really mod_perl) script just connects up to the lpd port on the
selected machine and speaks lpd protocol directly to that machine so I
can get a queue status and/or delete jobs.
>If not, I'll go and whip up a patch to do allow this restriction to be
>turned on/off from the command line.
Probably the source port check should just die.
Brett Lymn, Computer Systems Administrator, BAE SYSTEMS